A holistic approach to mitigating DoS attacks in SDN networks
Bibliographic record
Abstract
Summary Software‐defined networking (SDN) has recently emerged as a new networking technology offering an unprecedented programmability that allows network operators to dynamically manage their infrastructures. However, despite these benefits, deny‐of‐service (DoS) attacks are considered a major threat to such networks, as they can easily overload the SDN controller and flood switch forwarding tables, resulting in a critical degradation of the network performance. To address this issue, we propose SDN‐Guard, a novel holistic approach to protect SDN networks against DoS attacks. Software‐defined networking–Guard leverages an intrusion detection system (IDS) to detect potential DoS attacks and then efficiently mitigate their impact by dynamically (1) rerouting malicious traffic, (2) adjusting flow time‐outs, and (3) aggregating flow rules. This paper extends our previous work by proposing solutions to minimize the switch‐to‐IDS traffic without impacting the IDS accuracy. We hence propose to use sampling techniques and devise an integer linear program to find the optimal placement for the IDS and to determine the switches that should mirror the flows towards it so as to minimize network bandwidth consumption. Extensive experiments using Mininet show that SDN‐Guard maintains network performance during DoS attacks and succeeds in reducing by up to 32% their impact on controller performance, usage of switch forwarding tables, and control plane bandwidth. Furthermore, our results show that carefully placing the IDS and selecting the switches mirroring, the traffic can reduce by up to 90% the switch‐to‐IDS traffic. They also show that the IDS accuracy remains at 100% by analyzing only 11% of the network traffic.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
How this classification was reachedexpand
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.001 | 0.001 |
| Open science | 0.004 | 0.001 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from itClassification
machine, unvalidatedMachine predicted; a candidate call from one teacher head, not a consensus.
How this classification was reached, model by model and score by score, is at the end of the page under "How this classification was reached".